Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring: watching for signs that an incident is taking place or has already occurred. In this video, learn about the incident identification process, including incident detection, first responder responsibilities, and the process of isolating affected systems through quarantine or device removal.
- [Narrator] Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring, watching for signs that an incident is taking place or has already occurred. There are many different ways that an organization might identify a security incident. The key to successful incident identification is having a robust security monitoring infrastructure. Data is crucial to incident detection, and organizations have a responsibility to collect, analyze, and retain security information.

There are many different information sources that may contribute data crucial to identifying and analyzing a possible security incident. These include intrusion detection and prevention systems, firewalls, authentication systems, system integrity monitors, vulnerability scanners, system event logs, NetFlow connection records, and anti-malware packages, among many other sources. If IT systems do one thing well, it's generating massive amounts of log information.
Security professionals are responsible…
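The transcript's point that identification depends on combining data from several monitoring sources can be made concrete with a small correlation routine. This is an added example, not code from the course: it parses constructed authentication-system and NetFlow records (the formats, hostnames, addresses and the `HOST_IP` asset map are all hypothetical) and flags, for first-responder triage, a login that succeeded right after a burst of failures and was followed by a large outbound transfer from that host back to the same source.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (not from the course) from two of the sources the
# transcript names: an authentication system and NetFlow connection records.
AUTH_LOG = """\
2024-05-01T02:14:05Z host=web01 user=admin src=203.0.113.7 result=FAIL
2024-05-01T02:14:09Z host=web01 user=admin src=203.0.113.7 result=FAIL
2024-05-01T02:14:13Z host=web01 user=admin src=203.0.113.7 result=FAIL
2024-05-01T02:14:20Z host=web01 user=admin src=203.0.113.7 result=OK
2024-05-01T02:30:00Z host=web02 user=jsmith src=198.51.100.9 result=OK
"""
NETFLOW = """\
2024-05-01T02:15:02Z src=10.0.0.11 dst=203.0.113.7 dport=443 bytes=52428800
2024-05-01T02:31:00Z src=10.0.0.12 dst=198.51.100.9 dport=443 bytes=4096
"""
HOST_IP = {"web01": "10.0.0.11", "web02": "10.0.0.12"}  # hypothetical asset inventory


def parse(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        ts, rest = line.split(" ", 1)
        ev = dict(re.findall(r"(\w+)=(\S+)", rest))
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def find_incidents(auth_text, netflow_text, fails=3, window=timedelta(minutes=2),
                   follow=timedelta(minutes=30), min_bytes=10_000_000):
    """Flag a success preceded by >= `fails` failures from one source within `window`,
    then a large flow from that host back to the source within `follow`."""
    auth = parse(auth_text)
    flows = parse(netflow_text)
    incidents = []
    for ok in (e for e in auth if e["result"] == "OK"):
        recent_fails = [e for e in auth if e["result"] == "FAIL"
                        and e["src"] == ok["src"] and e["host"] == ok["host"]
                        and ok["ts"] - window <= e["ts"] < ok["ts"]]
        if len(recent_fails) < fails:
            continue  # a lone success is routine; no correlation to report
        exfil = [f for f in flows if f["src"] == HOST_IP.get(ok["host"])
                 and f["dst"] == ok["src"] and int(f["bytes"]) >= min_bytes
                 and ok["ts"] <= f["ts"] <= ok["ts"] + follow]
        if exfil:
            incidents.append({"host": ok["host"], "user": ok["user"],
                              "src": ok["src"], "failures": len(recent_fails),
                              "bytes_out": sum(int(f["bytes"]) for f in exfil)})
    return incidents
```

Each returned record names the host to consider for quarantine and the evidence (failure count, source address, bytes transferred) a first responder needs before deciding on isolation.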
- Building an incident response program
- Escalation and notification
- eDiscovery process
- Conducting investigations
- System and file forensics
- Reporting and documenting incidents
- Business continuity planning
- Validating backups
- Testing BC/DR plans
Skill Level: Intermediate
Q: This course was updated on 06/01/2018. What changed?
A: We updated three videos, covering creating an incident response program, communications plan, and response team.